Executive Summary
Summary | |
---|---|
Title | MIT Kerberos 5: User-assisted execution of arbitrary code |
Informations | |||
---|---|---|---|
Name | GLSA-201412-53 | First vendor Publication | 2014-12-31 |
Vendor | Gentoo | Last vendor Modification | 2014-12-31 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 8.5 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis A vulnerability has been found in MIT Kerberos 5, possibly resulting in arbitrary code execution or a Denial of Service condition. Background Description Impact Workaround Resolution References Availability http://security.gentoo.org/glsa/glsa-201412-53.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201412-53.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-415 | Double Free |
25 % | CWE-255 | Credentials Management |
25 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
25 % | CWE-125 | Out-of-bounds Read |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:25491 | |||
Oval ID: | oval:org.mitre.oval:def:25491 | ||
Title: | DSA-3000-1 krb5 - security update | ||
Description: | Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-3000-1 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 | Version: | 3 |
Platform(s): | Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | krb5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25901 | |||
Oval ID: | oval:org.mitre.oval:def:25901 | ||
Title: | SUSE-SU-2014:1028-1 -- Security update for krb5 | ||
Description: | This MIT krb5 update fixes a buffer overrun problem in kadmind. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1028-1 CVE-2014-4345 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | krb5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26718 | |||
Oval ID: | oval:org.mitre.oval:def:26718 | ||
Title: | RHSA-2014:1255: krb5 security update (Moderate) | ||
Description: | Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) All krb5 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:1255-00 CVE-2014-4345 CESA-2014:1255 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | krb5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26856 | |||
Oval ID: | oval:org.mitre.oval:def:26856 | ||
Title: | ELSA-2014-1255 -- krb5 security update (Moderate) | ||
Description: | Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) All krb5 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014-1255 CVE-2014-4345 | Version: | 3 |
Platform(s): | Oracle Linux 5 | Product(s): | krb5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26907 | |||
Oval ID: | oval:org.mitre.oval:def:26907 | ||
Title: | DEPRECATED: SUSE-SU-2014:1028-1 -- Security update for krb5 | ||
Description: | This MIT krb5 update fixes a buffer overrun problem in kadmind. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1028-1 CVE-2014-4345 | Version: | 4 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | krb5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26912 | |||
Oval ID: | oval:org.mitre.oval:def:26912 | ||
Title: | AIX NAS denial of service vulnerability | ||
Description: | MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-4341 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26917 | |||
Oval ID: | oval:org.mitre.oval:def:26917 | ||
Title: | RHSA-2014:1389: krb5 security and bug fix update (Moderate) | ||
Description: | Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. (CVE-2014-4341, CVE-2014-4342) A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from an GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343) These updated krb5 packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes. All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:1389-01 CVE-2013-1418 CVE-2013-6800 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 CESA-2014:1389 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | krb5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26961 | |||
Oval ID: | oval:org.mitre.oval:def:26961 | ||
Title: | AIX NAS double-free in SPNEGO | ||
Description: | Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-4343 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27032 | |||
Oval ID: | oval:org.mitre.oval:def:27032 | ||
Title: | ELSA-2014-1389 -- krb5 security and bug fix update | ||
Description: | [1.10.3-33] - actually apply that last patch [1.10.3-32] - incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345, #1128157) [1.10.3-31] - ksu: when evaluating .k5users, don't throw away data from .k5users when we're not passed a command to run, which implicitly means we're attempting to run the target user's shell (#1026721, revised) [1.10.3-30] - ksu: when evaluating .k5users, treat lines with just a principal name as if they contained the principal name followed by '*', and don't throw away data from .k5users when we're not passed a command to run, which implicitly means we're attempting to run the target user's shell (#1026721, revised) [1.10.3-29] - gssapi: pull in upstream fix for a possible NULL dereference in spnego (CVE-2014-4344, #1121510) - gssapi: pull in proposed-and-accepted fix for a double free in initiators (David Woodhouse, CVE-2014-4343, #1121510) [1.10.3-28] - correct a type mistake in the backported fix for CVE-2013-1418/CVE-2013-6800 [1.10.3-27] - pull in backported fix for denial of service by injection of malformed GSSAPI tokens (CVE-2014-4341, CVE-2014-4342, #1121510) - incorporate backported patch for remote crash of KDCs which serve multiple realms simultaneously (RT#7756, CVE-2013-1418/CVE-2013-6800, more of [1.10.3-26] - pull in backport of patch to not subsequently always require that responses come from master KDCs if we get one from a master somewhere along the way while chasing referrals (RT#7650, #1113652) [1.10.3-25] - ksu: if the -e flag isn't used, use the target user's shell when checking for authorization via the target user's .k5users file (#1026721) [1.10.3-24] - define _GNU_SOURCE in files where we use EAI_NODATA, to make sure that it's declared (#1059730) [1.10.3-23] - spnego: pull in patch from master to restore preserving the OID of the mechanism the initiator requested when we have multiple OIDs for the same mechanism, so that we reply using the same mechanism OID and the initiator doesn't get confused (#1087068, RT#7858) [1.10.3-22] - add patch from Jatin Nansi to avoid attempting to clear memory at the NULL address if krb5_encrypt_helper() returns an error when called from encrypt_credencpart() (#1055329, pull #158) [1.10.3-21] - drop patch to add additional access() checks to ksu - they shouldn't be resulting in any benefit [1.10.3-20] - apply patch from Nikolai Kondrashov to pass a default realm set in /etc/sysconfig/krb5kdc to the kdb_check_weak helper, so that it doesn't produce an error if there isn't one set in krb5.conf (#1009389) [1.10.3-19] - packaging: don't Obsoletes: older versions of krb5-pkinit-openssl and virtual Provide: krb5-pkinit-openssl on EL6, where we don't need to bother with any of that (#1001961) [1.10.3-18] - pkinit: backport tweaks to avoid trying to call the prompter callback when one isn't set (part of #965721) - pkinit: backport the ability to use a prompter callback to prompt for a password when reading private keys (the rest of #965721) [1.10.3-17] - backport fix to not spin on a short read when reading the length of a response over TCP (RT#7508, #922884) [1.10.3-16] - backport fix for trying all compatible keys when not being strict about acceptor names while reading AP-REQs (RT#7883, #1070244) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014-1389 CVE-2013-1418 CVE-2013-6800 CVE-2014-4341 CVE-2014-4344 CVE-2014-4345 CVE-2014-4342 CVE-2014-4343 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | krb5 krb5-devel krb5-libs krb5-pkinit-openssl krb5-server krb5-server-ldap krb5-workstation |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27784 | |||
Oval ID: | oval:org.mitre.oval:def:27784 | ||
Title: | SUSE-SU-2014:1410-1 -- Security update for krb5 (low) | ||
Description: | This update for krb5 fixes the following issues: * When randomizing the keys for a service principal, current keys could be returned. (CVE-2014-5351) * klist -s crashes when handling multiple referral entries. (bnc#890623) Security Issues: * CVE-2014-5351 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351> | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1410-1 CVE-2014-5351 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | krb5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28128 | |||
Oval ID: | oval:org.mitre.oval:def:28128 | ||
Title: | Return only new keys in randkey | ||
Description: | The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-5351 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-02-01 | Name : The remote Debian host is missing a security update. File : debian_DLA-1265.nasl - Type : ACT_GATHER_INFO |
2018-01-11 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15552.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0290-2.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0290-1.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150305_krb5_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-37.nasl - Type : ACT_GATHER_INFO |
2015-03-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0439.nasl - Type : ACT_GATHER_INFO |
2015-03-13 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0439.nasl - Type : ACT_GATHER_INFO |
2015-03-10 | Name : The remote Fedora host is missing a security update. File : fedora_2015-2382.nasl - Type : ACT_GATHER_INFO |
2015-03-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0439.nasl - Type : ACT_GATHER_INFO |
2015-02-26 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_dbf9e66cbd5011e4a7ba206a8a720317.nasl - Type : ACT_GATHER_INFO |
2015-02-12 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-128.nasl - Type : ACT_GATHER_INFO |
2015-02-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2498-1.nasl - Type : ACT_GATHER_INFO |
2015-01-27 | Name : The remote AIX host has a version of NAS installed that is affected by an inf... File : aix_nas_advisory2.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_kerberos_20141216.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_kerberos_20141120.nasl - Type : ACT_GATHER_INFO |
2015-01-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-53.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0034.nasl - Type : ACT_GATHER_INFO |
2014-11-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-224.nasl - Type : ACT_GATHER_INFO |
2014-11-18 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-443.nasl - Type : ACT_GATHER_INFO |
2014-11-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_krb5-201410-141002.nasl - Type : ACT_GATHER_INFO |
2014-11-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1389.nasl - Type : ACT_GATHER_INFO |
2014-11-04 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141014_krb5_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1389.nasl - Type : ACT_GATHER_INFO |
2014-10-14 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140916_krb5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-10-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1389.nasl - Type : ACT_GATHER_INFO |
2014-10-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1255.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15553.nasl - Type : ACT_GATHER_INFO |
2014-10-09 | Name : The remote Fedora host is missing a security update. File : fedora_2014-11940.nasl - Type : ACT_GATHER_INFO |
2014-10-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1245.nasl - Type : ACT_GATHER_INFO |
2014-09-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1255.nasl - Type : ACT_GATHER_INFO |
2014-09-18 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1255.nasl - Type : ACT_GATHER_INFO |
2014-09-18 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1245.nasl - Type : ACT_GATHER_INFO |
2014-09-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1245.nasl - Type : ACT_GATHER_INFO |
2014-09-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-165.nasl - Type : ACT_GATHER_INFO |
2014-09-04 | Name : The remote AIX host has a version of NAS installed that is affected by multip... File : aix_nas_advisory1.nasl - Type : ACT_GATHER_INFO |
2014-08-27 | Name : The remote Fedora host is missing a security update. File : fedora_2014-9305.nasl - Type : ACT_GATHER_INFO |
2014-08-21 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-508.nasl - Type : ACT_GATHER_INFO |
2014-08-16 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_krb5-140812.nasl - Type : ACT_GATHER_INFO |
2014-08-15 | Name : The remote Fedora host is missing a security update. File : fedora_2014-9315.nasl - Type : ACT_GATHER_INFO |
2014-08-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2310-1.nasl - Type : ACT_GATHER_INFO |
2014-08-12 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_krb5-140729.nasl - Type : ACT_GATHER_INFO |
2014-08-12 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-486.nasl - Type : ACT_GATHER_INFO |
2014-08-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3000.nasl - Type : ACT_GATHER_INFO |
2014-08-08 | Name : The remote Fedora host is missing a security update. File : fedora_2014-8176.nasl - Type : ACT_GATHER_INFO |
2014-08-08 | Name : The remote Fedora host is missing a security update. File : fedora_2014-8189.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-01-03 13:26:01 |
|
2014-12-31 17:22:55 |
|